When associations first joined the internet revolution in the late 1990s and early 2000s, few executives could have predicted the changes that would take place over the coming decades. Those changes affected countless industries that had been accustomed to sharing information in secure ways: using the postal service to send printed newsletters and relying on members to attend national conferences.
Privacy did not need to be designed into the system. The membership database lived on a single computer that was locked behind a closed door inside the association’s headquarters. Illegally accessing the database could only be accomplished by stealing the computer or copying the contents of the drive on floppy discs and physically removing the discs from the premises.
This all could have been prevented if Facebook had been built with privacy in mind. Back in 2010, a software initiative was created in Europe, called “Privacy By Design.” Its seven foundational principles for software design were as follows (source: Wikipedia):
1. Proactive not reactive; preventative not remedial: anticipates privacy-invasive events, does not wait for risks to materialize;
2. Privacy as the default setting: no action is required by the individual to protect their privacy;
3. Privacy is embedded into the design: not an add-on bolted onto existing systems;
4. Full functionality – positive-sum, not zero-sum: no tradeoff of security vs privacy, win-win for all parties;
5. End-to-end security – full lifecycle protection: from initial introduction to the system through the individual’s lifecycle, including the right to be forgotten;
6. Visibility and transparency – keep it open: all stakeholders are operating in accordance with stated promises and objectives, and component parts remain visible and transparent to both users and providers;
7. Respect for user privacy – keep it user-centric: the interests of the individual are paramount.
Association execs and event organizers have begun to ask themselves: what’s the risk to our organization of a large-scale data breach? Are our software and our systems PYD (Private By Design)? And what about the companies we partner with to do our marketing, register our attendees, and maintain our membership database?
The Convention Nation team has conducted quite a bit of research and has discovered security issues that execs should be made aware of. For many events, privacy and security are a facade. The organizer’s intentions are good, but glaring holes exist that leave attendees’ privacy unprotected.
In follow-up blogs, we’ll discuss the implications of social media posts, print badges, registration systems, website content, room blocks, and catering lists on your customers’ security.
But if you can't wait because you're concerned about the privacy settings in your systems, feel free to contact us right away.